Tech Community Live: Microsoft Intune
Oct 01 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Best Practices for Enabling Active Directory Forest Discovery in SCCM

Iron Contributor

Hi All,

 

We are going to enable the AD Forest Discovery in our Configuration Manager environment and before do that I wanted to make sure the best practices to doing that. I have below concerns when we enabling the AD forest discovery. appreciate the help on this.

 

  1. Can we enable only AD forest discovery and keep System discovery disable in the environment. What are the disadvantages of doing that?
  2. When we enabling AD forest discovery, when do we need to enable "automatic IP subnet boundary creation" and what are the disadvantages of not enabling that?
  3. Is it ok if I enable only "Automatic IP range boundary creation" without enabling "automatic IP subnet boundary"?
  4. When to enable "Publish the site to AD forest" and what are the disadvantages of not enabling it?

Thanks in advance,

Dilan

2 Replies
1, Sure not sure why you would disable system discovery though.
2. You don't need to enable it, however it trying to help you with your boundaries.
3. it is not recommended to use anything but IP ranges for boundaries.
4. This is covered within the docs on the subject, what is not clear with them?

Thank you for the reply, I need few clarification on 2nd and 4th points.

2) I don't want to create IP subnet boundaries in our Configuration Manager environment as I would prefer IP range boundaries. I noticed that when I enabling AD forest discovery there is two options, which are "Automatic IP Subnet boundary creation" and "Automatic IP range boundary creation". Therefore, I wanted to know if I select only "Automatic IP range boundary creation", are there any constraints or disadvantages? if there is no special constraints or disadvantages, I could go with without selecting "Automatic IP Subnet boundary creation" and I could avoid creating extra IP subnet boundaries in our Configuration Manager.

4) Our environment is not a multi forest, it is a single forest with 2 domain controllers and few RODCs. So, my concerns is according to our environment does it make any difference if I enable "Publish the site to AD forest" or not. if it is not make any difference, I would prefer not enable forest publishing. Please also note that, here I am talking about "Active Directory forests for publishing", NOT about "Configuration Manager sites to publish to AD DS".

https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/publish-site-data#to-s...

Thanks,